[clug] Linux Security

Alex Satrapa grail at goldweb.com.au
Fri Oct 10 00:18:41 GMT 2008

On 09/10/2008, at 18:37 , steve jenkin wrote:

> Picking up an old thread, I was wondering how people provide (local)
> email access for 'global travellers'.

One solution will provide you with the means to send/receive email  
both locally and remotely, without having to set up any extra fiddly  
bits that are bound to break while out in the field.

> Is this solved with just TLS/SSL + user login (and I get busy reading)


You set the TLS + login option on your SMTP and IMAP server once. You  
reconfigure every laptop to use TLS for both sending and receiving  
email, all the time. Then everything "just works" from there onwards.  
No need to train people to use VPN software, no need to figure out  
how many ways the VPN software can break when actually being used, etc.

The hardest part is figuring out whether the mail client can be told  
to remember your self-signed certificate, or will the user have to  
keep clicking the "continue anyway" button every time they launch  
their email client or check for new messages?

Since you're going to make TLS + login the default connection method  
for this client's entire email experience, there will be no surprises  
apart from having to change firewall rules. All this is set-and- 
forget from the user's perspective. There is no reason for the  
enduser to have to learn to use VPN software unless they desperately  
need to be able to show off flashy features to their high powered  
executive friends.


nitpick: please remember to trim unnecessary material when quoting  
old messages.

More information about the linux mailing list